
Microsoft and Symantec Neutralize Million-Dollar Bamital Botnet Cyber Crime Ring

Posted: February 8, 2013

Microsoft (MS) bears the brunt of malicious attacks against its programming and Windows-based software, so it is no surprise the company has a dedicated security team tracking malware strategies in order to counter attacks. Many PC users are not aware, however, that Microsoft also has a Digital Crime Unit, which recently collaborated with Symantec, a US global security software corporation, to shut down a botnet, Bamital, that controlled hundreds of thousands of compromised PCs.

Backdoors are malicious programs that emulate the functionality of remote assistance tools legitimately used to aid computer users and offsite clients. Hackers use backdoors to secretly access and remotely control infected systems, turning them into zombies (individually compromised computers) and adding them to a botnet (a group of compromised computers, or zombies). Millions of computers worldwide are compromised and added to botnets without their users or owners having any knowledge of it.

Botnets, of course, are used for malicious purposes. For instance, a botnet offers greater resources, namely the combined bandwidth of many machines, which can be used to shut down or jam traffic to DNS servers or websites (a denial-of-service attack). Botnets can also distribute mass email spam, mine Bitcoins (a currency used to purchase all kinds of things, including illegal products or services, without tracking by government or local officials), or forcibly route traffic to sites in order to commit click fraud.

Bamital is reported to have infected and controlled 300,000 to 1 million PCs worldwide. Acting on an order issued by the US District Court in Alexandria, Virginia, MS, Symantec and the US Marshals raided data centers in Weehawken, New Jersey and Manassas, Virginia. They seized one server in New Jersey and took down one in the Netherlands that belonged to the Virginia data center. The takedown temporarily disrupted web traffic for the many infected PCs, whose redirected requests received the following message:

"You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer."

In addition to receiving this notice, victims were offered free cleaning tools by both MS and Symantec to remove the malware that had enslaved their systems to the botnet. Although MS had targeted and taken down other botnets under court order before, this marks the first time it has offered free cleaning tools for infected systems.

Reportedly, Bamital generated $1 million a year for its organizers, a group of crooks scattered across many countries who registered websites and rented servers under fictitious names. The complaint alleges Bamital was primarily used to generate click fraud by forcibly routing traffic to malicious or compromised websites with which the cybercriminals had a financial relationship. Click fraud does not necessarily require actual human interaction; the malware can simulate the clicks. Click fraud not only pays ill-gotten revenue to cybercriminals or a cyber operation such as Bamital, but also hurts the marketing budget of the actual advertising client and the search engine (e.g. Google), because such activity degrades the quality of its advertising network.
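The sinkhole notice above describes the symptom victims saw: search queries whose results were redirected elsewhere. As an added example (not code from the article, Microsoft or Symantec), the script below shows one defender-side heuristic for spotting that symptom in web proxy logs: a client whose clicks from a search results page keep receiving HTTP redirects to a third-party host is flagged for cleanup. The log format, the host names and the threshold are all constructed for this illustration, and the heuristic is an assumption about how such redirects might surface, not a description of Bamital's actual network behaviour.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log lines (hypothetical format):
# client_ip method url status referer location ("-" when no Location header)
SAMPLE_LOG = """\
10.0.0.5 GET http://www.example-shop.com/product 302 http://www.google.com/search?q=shoes http://ads.redirector-hypothetical.net/go?id=1
10.0.0.5 GET http://www.example-news.com/story 302 http://www.bing.com/search?q=news http://ads.redirector-hypothetical.net/go?id=2
10.0.0.5 GET http://www.example-news.com/story 302 http://www.bing.com/search?q=news http://ads.redirector-hypothetical.net/go?id=2
10.0.0.7 GET http://www.example-shop.com/product 200 http://www.google.com/search?q=shoes -
10.0.0.7 GET http://www.example-shop.com/ 301 http://www.google.com/search?q=shop http://www.example-shop.com/home
"""

# Search engines whose results pages we treat as the origin of a click (assumed list).
SEARCH_ENGINES = {"google.com", "bing.com", "yahoo.com"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+)$")


def _host(url):
    """Hostname of a URL with a leading 'www.' stripped, or '' if unparsable."""
    host = urlparse(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def _is_search_results(referer):
    """True when the Referer is a search engine results page (path under /search)."""
    return _host(referer) in SEARCH_ENGINES and urlparse(referer).path.startswith("/search")


def find_search_redirects(log_text):
    """Map client -> list of (requested_host, redirected_to_host) for suspicious hops.

    A hop is suspicious when the click came from a search results page, the
    response was a 3xx, and the Location points at a host that is neither the
    site the user asked for nor a search engine itself.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines rather than failing the whole run
        client, _method, url, status, referer, location = match.groups()
        if not status.startswith("3") or location == "-":
            continue
        if not _is_search_results(referer):
            continue
        src, dst = _host(url), _host(location)
        if dst and dst != src and dst not in SEARCH_ENGINES:
            hits[client].append((src, dst))
    return dict(hits)


def flag_clients(log_text, threshold=2):
    """Clients with at least `threshold` suspicious search redirects, sorted."""
    return sorted(client for client, hops in find_search_redirects(log_text).items()
                  if len(hops) >= threshold)


if __name__ == "__main__":
    for client, hops in find_search_redirects(SAMPLE_LOG).items():
        print(client, hops)
    print("flagged:", flag_clients(SAMPLE_LOG))
```

Same-host redirects (such as a site sending `/` to `/home`) are deliberately ignored, because those are normal; the signal is repeated redirection away from the site the user chose on the results page. In practice the threshold and the search-engine list would be tuned to the environment, and flagged hosts would be cross-checked against the cleaning tools the article mentions rather than treated as proof of infection.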

Cybercriminals literally get away with billions of stolen dollars, as they seldom leave footprints that lead to an arrest, which is why any raid, shutdown and ultimately arrest is big news in the Internet security arena. Unfortunately, when one botnet is shut down, two more may take its place. It is therefore imperative that PC users protect their intellectual property by following the safety rules below:

  • Use a dual firewall.
  • Keep stealth antimalware protection installed at all times and ensure it updates its definitions around the clock, as well as offering a custom fix if need be. Schedule routine scans to stay on top of possible threats or infiltrations.
  • Use strong passwords that are hard to crack.
  • Fully read end-user license agreements (EULAs) to catch and reject suspicious or malicious downloads.
  • Do not pirate! Not only is pirating illegal, but such sites and downloads are a breeding ground for infections.
  • Verify the source of emails before clicking on attachments or hyperlinks. Better yet, delete spam altogether.
  • Be careful when enjoying social networking, as accounts are often hacked to spread infectious posts, or the "Like" feature may be booby-trapped to transport you to a malicious webpage or ad.